Parsing input in to logstash

(Elastic-for-me) #1

I configure snmp to get information from PDU
Run only two get to test, and output is long.

"" => "Racl 240 TOP",

"@timestamp" => 2019-02-07T21:21:47.493Z,
"" => "DataCenter1-P1-R240T",
"@version" => "1",

Ho do I parse this to remove all leading entry like "" all the way to second last word? like rPDU2DeviceConfigName ?

Something needs to be done in filter section can't figure out which filter to use. as string will be different for each OID that I will get.


This filter

    ruby {
        code => '
            event.to_hash.each { |k, v|
                if k.start_with? ""
                    newk = k.sub(/.*\.([^\.]+\.[^\.]+)$/, "\\1")
                    event.set(newk, v)

will reduce those down to

    "rPDU2DeviceConfigName.1" => "DataCenter1-P1-R240T",
"rPDU2DeviceConfigLocation.1" => "Racl 240 TOP",
(Elastic-for-me) #3

Badger, Man you rock. when will I buy you lunch. :slight_smile: :grinning:


(Elastic-for-me) #4

while we are on this ruby topic
how do I do math on field?
rPDULoadStatusLoad = new value

ruby {
code => "event.set('rPDULoadStatusLoad', event.get('rPDULoadStatusLoad.1')/10"
but seems like I am doing something wrong.

I try many different combination with this set and get all gives me error.


If rPDULoadStatusLoad.1 is a string (it shows up with quotes in a rubydebug output) then you will need to .to_f it.

event.set('rPDULoadStatusLoad', event.get('rPDULoadStatusLoad.1').to_f/10
(Elastic-for-me) #6

well this one just worked. LOL
ruby {
code => "event.set('rPDULoadStatusLoad',(event.get('rPDULoadStatusLoad.1')/10))"

(Elastic-for-me) #7

I didn't understand or to understand that.
now I have new problem on same parsing.
I have some value that ends with .2 and/or .3 and/or .4

k.sub(/.*.([^.]+.[^.]+)$/, "\1") ---> how is this doing parsing?
how do I tackle that?

(Elastic-for-me) #8

actually it works for any number. I didn't test it thought it will not work.
but will be good to know how?


That says anything (.*) followed by a dot, followed by one or more characters that are not dots, followed by a dot, followed by one or more characters that are not dots, followed by the end of the string. So it matches foo.1, foo.2, or even

(Elastic-for-me) #10

([^.]+.[^.]+)$ = one or more character that are not dot, dot, one or more char not dot till end of strings

Thanks. got it.

(system) closed #11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.